Menu
From looking at tutorials such as this it seems relatively easy to set up .htpasswd authentication.
Here's my HTTPS block which is how I'm accessing my site:
server {
listen 443;
server_name potato;
root /var/www/html;
ssl on;
ssl_certificate /srv/ssl/cert.pem;
ssl_certificate_key /srv/ssl/key.pem;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /usr/local/nginx/.htpasswd;
}
}
I've gathered from here the following snippet to create the .htpasswd file:
USERNAME=admin
PASSWORD=password
sudo printf "$USERNAME:$(openssl passwd -crypt $PASSWORD)\n" >> .htpasswd
This initially failed with a permission denied error, which I resolved by first creating an empty .htpasswd then granting myself permission via sudo chown max:max .htpasswd.
When I visit the website, I do see the Auth prompt, but I get a 403 error even I type in the correct password.
I have been fiddling with this for a while and am continuing to dig through google searches. But I'd appreciate any tips toward a likely source. It'd also be great if someone could show me a dependable way to diagnose the cause of the Auth failure.
In my access.log file I have entries like this:
73.170.238.232 - admin [05/Sep/2016:12:03:34 -0700] "GET /musicker/dist/ HTTP/1.1" 403 571 "-" "Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
but I don't see much useful information in there. You can see I'm trying to access the website at /musicker/dist/, and in Nginx my location / block is catching this and adding auth_basic.
787
However, if the specified index files are not in the directory, Nginx will return 403 forbidden error. One way to resolve this issue is to add the index file specified in the configuration file or add the available index file to the config file.
Causes of 403 Forbidden Often, HTTP 403 forbidden errors are caused by an access misconfiguration on the client-side, which means you can usually resolve the issue yourself. A common cause of these errors is the file or folder permission settings, which control who can read, write, and execute the file or folder.
Thankfully I figured this out not long after the posting the question, but I think the following information would be available to others looking to solve similar problems:
The relevant logs are not in access.log, but rather in error.log.
Running this showed me that the .htaccess file was not in the expected location. Then I moved it to the correct location and was able to authenticate OK.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
